Thank you win32sux
I hesitated between putting it here or in the security section, because yes it is more a programming question. But somehow there's a security concern! let me explain:
First I used a technique of escalating privileges for running root commands: but having two compiled C programs launched by the web page: the first being owned by www-data, and the second by root with setuid bit.
Yes you guessed it : too complicated!
But it had the advantage of having multiple C programs running each a specific command (predefined), with a low possibility of seeing a random command run.
Now setuid
scripts can't be run root.
So I'm trying su-php with minuid = 0! but it seems to me a big security concern!
Thanks for giving advises!